365-day online course

Online course: Certified Secure Software Lifecycle Professional (CSSLP)

Avoid software security breaches! Learn to implement security, security controls, security processes and security policies in software development. This course package prepares you for CSSLP certification. The courses are in English and take place online, whenever it suits you. You have access to the online course package for 365 days.


Professional handling of software security

A fundamental understanding of the potential risks and weak points throughout the software lifecycle is the foundation for handling software security. In this course you will learn how to secure software step by step, throughout the entire process, using the core principles of confidentiality, integrity, authentication and authorization, as well as internal and external security requirements. The course also examines secure software design processes, how to build security controls into software and code implementation, and how to test that these security controls work. Finally, you will be introduced to several pre- and post-release activities that can test for vulnerabilities in the software. For outsourced software development and acquisition, you will learn about supplier risk assessment, including intellectual property, code reuse and potential legal challenges.

This course package contains a series of courses covering the objectives of the 'Certified Secure Software Lifecycle Professional (CSSLP)' exam.

Target audience

Programmers, project managers, IT analysts and engineers involved in software development, or other individuals interested in the concepts behind secure software design, as well as candidates for the 'Certified Secure Software Lifecycle Professional (CSSLP)' exam.

Benefits

  • Learn to implement security protocols throughout the development phase.
  • Learn about application vulnerabilities, risks and compliance issues that arise during the development phase.
  • Recognize the characteristics of authentication and authorization.
  • Identify internal and external security requirements.
  • Recognize the characteristics of programming security.
  • Identify the ideal environment for secure software testing.
  • Identify best practices for software deployment, operations, maintenance and disposal.

Contents

Secure Software Concepts
In this course, you'll learn about the core concepts of confidentiality, integrity, authentication, and authorization. You'll also be introduced to security design principles such as least privilege, separation of duties, fail safe, and economy of mechanism. Finally, this course covers best practices for governance, risk, and compliance throughout the software lifecycle.
- recognize the characteristics of confidentiality
- identify the characteristics of integrity
- identify the characteristics of availability
- recognize the characteristics of authentication and authorization
- identify the role of accounting in assuring security
- recognize the characteristics of non-repudiation
- identify the characteristics of least privilege
- recognize the characteristics of separation of duties
- recognize the characteristics of defense in depth
- recognize the characteristics of fail-safe
- recognize the characteristics of economy of mechanism
- recognize the characteristics of complete mediation
- recognize the characteristics of open design
- recognize the characteristics of least common mechanism
- recognize the characteristics of psychological acceptability
- recognize the characteristics of the weakest link
- recognize the characteristics of leveraging existing components
- recognize the characteristics of privacy
- distinguish between different privacy considerations
- recognize characteristics of regulations and compliance
- distinguish between legal issues to keep in mind during the software lifecycle
- recognize characteristics of standards
- distinguish between the steps of the general risk management model
- identify secure software concepts in the Waterfall methodology
- identify secure software concepts in the Agile methodology
- recognize the principles and practices behind securing software

Secure Software Requirements
In this course, you'll learn about internal and external security requirements and how to classify and categorize data. You'll also explore functional requirements such as role and user definitions, the role of the deployment environment on requirements, and sequencing and timing requirements. Finally, this course covers operational requirements such as deployment and management solutions.
- identify typical internal security requirements
- identify typical external security requirements
- identify data state categories
- identify data usage categories
- distinguish between the data owner and data custodian roles
- distinguish between the different impact level definitions
- distinguish between structured and unstructured data
- distinguish between generation, retention, and disposal
- identify characteristics of role and user definitions
- identify the role of the deployment environment within functional requirements
- distinguish between objects, activities, and actions
- identify best practices for sequencing and timing
- identify characteristics of software deployment requirements
- identify characteristics of operations requirements
- identify characteristics of management requirements
- recognize what is involved in securing software

Secure Software Design
In this course, you'll explore secure software design processes such as attack surface evaluation, threat modeling, control identification, and prioritization. Also, this course covers best practices for securing commonly used architecture and technologies.
- measure and minimize attack surface
- recognize threat modeling techniques and the purpose of documentation
- identify characteristics of control identification and prioritization
- identify characteristics of design and architecture technical review
- identify characteristics of risk assessment for code reuse
- distinguish between applicable methods to address core security concepts
- recognize security design principle best practices
- distinguish between interconnectivity activities best practices
- identify interfaces best practices
- distinguish between the different architectural forms and supporting elements of secured distributed computing
- recognize best practices for securing service-oriented architecture
- recognize best practices for securing rich Internet applications
- recognize best practices for securing pervasive and ubiquitous computing
- recognize best security practices when integrating with existing architectures
- recognize best practices for securing cloud architectures
- recognize best practices for securing mobile applications
- distinguish between characteristics of authentication and identity management
- recognize characteristics of credential management
- distinguish between flow control methods
- recognize characteristics of logging
- recognize characteristics of data loss prevention
- identify benefits of virtualization in secure software design
- recognize types of Rights Expression Language or REL in Digital Rights Management or DRM
- recognize characteristics of trusted computing
- distinguish between database security techniques
- distinguish between compilers, interpreters, and hybrid source codes
- recognize characteristics of operating systems
- distinguish between control systems and firmware
- identify best practices for designing secure software

Secure Software Implementation and Coding
In this course, you'll learn about declarative versus programmatic security, how to use the Open Web Application Security Project (OWASP) and the Common Weakness Enumeration (CWE) as security sources, and some defensive coding practices and controls such as configuration, error handling, and session management.
- recognize characteristics of declarative security
- recognize characteristics of programmatic security
- locate and list the Open Web Applications Security Project or OWASP "Top 10"
- locate and list the Common Weakness Enumeration or CWE list of software weaknesses
- recognize examples of using concurrency as a defensive coding practice
- recognize examples of using configuration as a defensive coding practice
- recognize examples of using cryptology as a defensive coding practice
- recognize examples of using output sanitization as a defensive coding practice
- recognize examples of using error handling as a defensive coding practice
- recognize examples of using input validation as a defensive coding practice
- recognize examples of using logging and auditing as a defensive coding practice
- recognize examples of using session management as a defensive coding practice
- recognize examples of using exception management as a defensive coding practice
- distinguish between safe and unsafe application programming interface or API coding practices
- distinguish between examples of static and dynamic type safety enforcement
- recognize characteristics of memory management as a defensive coding practice
- recognize characteristics of configuration parameter management as a defensive coding practice
- recognize examples of tokenizing as a defensive coding practice
- recognize characteristics of sandboxing as a defensive coding practice
- identify source code and versioning best practices
- identify build environment best practices
- recognize characteristics of peer-based code reviews
- distinguish between static and dynamic code analysis
- list the steps for code signing
- identify techniques for defensive and secure coding

Secure Software Testing
In this course, you'll learn best practices for testing for security and quality assurance, including artifact testing, functional and nonfunctional testing, and bug tracking. This course also covers some of the essential testing types such as penetration testing, scanning, simulation testing, failure testing, and cryptographic validation.
- recognize characteristics of testing artifacts
- identify characteristics of functional testing
- distinguish between nonfunctional testing methods
- distinguish between white-, grey-, and black-box testing
- identify environment best practices for ensuring secure software testing
- distinguish between bug tracking states
- recognize characteristics of attack surface validation for software testing
- distinguish between testing standards for software quality assurance
- identify the four steps in the penetration process
- recognize characteristics of the fuzzing method
- recognize characteristics of scanning
- recognize characteristics of simulation testing
- recognize characteristics of testing for failure
- recognize characteristics of cryptographic validation
- recognize characteristics of regression testing
- recognize characteristics of continuous testing
- recognize characteristics of impact assessment
- recognize options for addressing bugs
- identify best practices in test data lifecycle management
- identify best practices for securely testing software

Software Acceptance, Deployment, Operations, Maintenance, and Disposal
In this course, you'll learn about different pre- and post-release activities, such as the pre-release testing process, completion criteria, risk acceptance practices, post-release plans, and independent testing options.
- identify the characteristics of the pre-release testing process
- list the six generic criteria for judging the suitability of a product
- identify the characteristics of risk acceptance
- identify characteristics of a post-release plan
- recognize characteristics of validation and verification
- recognize characteristics of independent testing
- identify the role of bootstrapping in deployment activities
- recognize characteristics of configuration management roles and plan
- distinguish between the six configuration management process activities
- recognize characteristics of release management activities
- recognize characteristics of monitoring during operations and maintenance
- distinguish between the different activities of incident management
- recognize characteristics of problem management
- recognize characteristics of change management
- recognize characteristics of backup, recovery, and archiving
- identify the components of an effective software disposal plan
- identify key activities during software disposal execution
- identify best practices for software deployment, operations, maintenance, and disposal activities

Supply Chain and Software Acquisition
In this course, you'll learn about supplier risk assessment considerations, including intellectual property, code reuse, and legal compliance complexities. This course also introduces some considerations to make with supplier sourcing like contractual integrity controls, vendor technical integrity controls, and service-level agreements or SLAs.
- recognize characteristics of risk assessment for code reuse
- identify best practices for creating a practical reuse plan
- identify best practices for preventing intellectual property theft
- recognize characteristics of legal compliance
- identify best practices for supplier prequalification activities
- distinguish between different security trade-offs in supplier sourcing
- identify best practices for contractual integrity controls
- identify best practices for vendor technical integrity controls
- identify best secure control practices for managed services from a supplier
- distinguish between the two rules service-level agreements or SLAs should provide
- identify technical controls for software development and testing
- identify code testing and verification options for software development and testing
- list the eight steps to create a formal set of security testing controls
- identify software requirements verification and validation
- identify chain of custody best practices
- distinguish between licenses, encryption, and authentication as publishing and dissemination controls
- identify characteristics of system-of-systems integration
- identify software authenticity and integrity best practices during software delivery, operations, and maintenance
- recognize best practices when integrating product deployment and sustainment controls
- identify monitoring and incident management best practices
- identify best practices for vulnerability management, tracking, and resolution activities
- identify the purpose of Code Escrow during supplier transitioning
- identify contracts best practices during supplier transitioning
- identify best practices for assessing supplier risk, implementing supplier sourcing controls, and delivering software

Time required

The course package consists of 7 courses, each lasting two hours on average. The whole course package can thus be completed in approx. 14 hours.

Format

This online course package consists of several different courses, which you have access to for 365 days after enrolling. Each course is divided into several course modules, which you can take in whatever order you wish via an overview menu. The modules contain audio, images and text that go through the course content. Some modules contain short videos with scenarios and cases. For each course you can test your understanding of the content with tests that you can take before, during and after the course. You complete the course modules on your computer or tablet with sound and Internet access. You decide when to take the modules, and they can be paused along the way.


Certification

The course leads toward the Certified Secure Software Lifecycle Professional (CSSLP) certification. The exam is ordered and paid for separately. We refer to the certification provider's website for further information on the current conditions for obtaining certification. For some certifications you must register yourself on the provider's website to gain access to the exam. Please make sure that the certification version you have prepared for matches the version in which you order the exam.

Were you looking for a different online course?

We offer over 7,000 different online courses in many different areas. Contact us on tel. 72203000 or kurser@teknologisk.dk so that we can help meet your needs.


Buy online courses for several people

If you are a department, an entire company or simply several people who want access to online courses, contact us for a quote on tel. 72203000 or kurser@teknologisk.dk
